PGP Key created by importing certificate can not be used with different software

Article ID: 156929

Products

PGP Command Line

Issue/Introduction

When a public certificate is imported into PGP (Desktop or Command Line), the resulting public PGP Key is not usable when imported into other software.

Importing the PGP Key into other software may fail with an error about a missing self-signature, a missing userID, or an unknown algorithm, for example:

gpg: key XXXXXXXX: no valid user IDs
gpg: this may be caused by a missing self-signature
 

Cause

When importing a public certificate, PGP creates a "container" key which holds the certificate.

As the private certificate is not available, that key cannot self-sign the created userID. However, a correct self-signature is a required part of a PGP key.

In addition, to prevent issues with other software trying to use this "container" key, the subkey algorithm is set to "100".
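
To check whether an exported key file is one of these "container" keys before handing it to other software, the two conditions above can be read directly from the OpenPGP packets. This is an added example, not part of the original article or of any PGP product. It assumes a binary (non-armored) version 4 key and that "100" refers to the public-key algorithm octet of the subkey packet. It checks only that a certification signature naming the primary key as issuer is present, not that the signature verifies. The names `packets`, `diagnose`, `pkt` and `SAMPLE` are hypothetical.

```python
import hashlib

CERT_TYPES = range(0x10, 0x14)    # RFC 4880 certification signature types
PRIVATE_ALGOS = range(100, 111)   # RFC 4880 private/experimental algorithm IDs

def packets(data):
    """Yield (tag, body) for each packet in binary (non-armored) OpenPGP data."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if hdr & 0x40:                                # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                n = first
            elif first < 224:
                n, i = ((first - 192) << 8) + data[i] + 192, i + 1
            else:
                raise ValueError("five-octet and partial lengths not handled")
        else:                                         # old-format header
            tag, width = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if width == 8:
                raise ValueError("indeterminate length not handled")
            n, i = int.from_bytes(data[i:i + width], "big"), i + width
        yield tag, data[i:i + n]
        i += n

def diagnose(data):
    """List reasons another OpenPGP implementation would reject this key."""
    findings, uids, key_id, uid = [], {}, None, None
    for tag, body in packets(data):
        if tag == 6 and body[0] == 4:                 # v4 primary key: derive key ID
            key_id = hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).digest()[-8:]
        elif tag == 13:                               # user ID packet
            uid = body.decode("utf-8", "replace")
            uids[uid] = False
        elif tag == 2 and uid and key_id and body[0] == 4 and body[1] in CERT_TYPES:
            h = int.from_bytes(body[4:6], "big")      # hashed subpacket area length
            u = int.from_bytes(body[6 + h:8 + h], "big")
            uids[uid] |= key_id in body[6:6 + h] + body[8 + h:8 + h + u]
        elif tag == 14 and body[5] in PRIVATE_ALGOS:  # v4 subkey: octet 5 is the algorithm
            findings.append(f"subkey algorithm {body[5]} is private/experimental")
    return findings + [f"user ID {u!r} has no self-signature" for u, ok in uids.items() if not ok]

def pkt(tag, body):                                   # short new-format packet builder
    return bytes([0xC0 | tag, len(body)]) + body

# Constructed sample with dummy key material: user ID without a signature, subkey algorithm 100.
PRIMARY = b"\x04" + bytes(4) + b"\x01" + b"\x00\x08\xff\x00\x08\x03"
SAMPLE = pkt(6, PRIMARY) + pkt(13, b"CN=example") + pkt(14, b"\x04" + bytes(4) + b"\x64")
```

`diagnose(SAMPLE)` reports both conditions described above; a key produced from the private certificate should return an empty list.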

Resolution

To create a usable PGP Key out of a certificate you have to import the private certificate (.p12). This will result in a usable PGP Key.